The use of local accounts for remote access in Active Directory environments is problematic for a number of reasons. By far, the biggest problem is that when an administrative local account has the same user name and password on multiple machines, an attacker with administrative rights on one machine...

The attachment on this post describes what's new in the security baseline recommendations for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11, relative to the baselines published for Windows 8, Windows Server 2012 and Internet Explorer 10. It is included as a Word document in the download...

We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 since we released the beta version of our guidance last April. This blog post discusses those changes and the reasons for them.
Account Lockout Threshold: we’re...

We can recommend an ideal configuration for most of the settings in our security guidance. For example, the “Debug programs” privilege should be granted to Administrators and to no one else. For account lockout, however, there is no “one size fits all” setting, but there’s...

Microsoft is pleased to announce the final release of security baseline settings for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11. Some of the highlights of the new security baselines (many of which we intend to backport to older versions of Windows and IE):
Use of new and existing...

In the latest review of the official Microsoft security baselines for all versions of Windows client and Windows Server, we decided to remove our earlier recommendation to enable “FIPS mode”, or more precisely, the security option called “System Cryptography: Use FIPS compliant algorithms...

Update, 13 August 2014: The final version of this guidance has been posted here. The changes since the beta are described here, with a separate discussion about the changes in the Account Lockout policy here.
Microsoft is pleased to announce the beta release of security baseline settings for...

Secure your environment with SCM 3.0!
The Security Compliance Manager (SCM) is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage the computers in your environment and your private cloud using Group Policy and Microsoft® System Center Configuration...

SCM makes configuration management for both computers and your private cloud a snap!
Security Compliance Manager 2 is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage your computers, traditional datacenter, and private cloud using Group Policy...

You’ve been asking for Exchange Server baselines. You’ve been waiting for the Windows 7 SP1 baseline update. They are all available now in SCM v2.5!
SCM 2.5 includes a number of new and updated baselines, empowering you to manage configuration drift, address compliance requirements, and...